General

  • Target

    0a9a47bfb52146fa925b915974099400N.exe

  • Size

    373KB

  • Sample

    240825-r9pmpazdje

  • MD5

    0a9a47bfb52146fa925b915974099400

  • SHA1

    1d3627b2bf3536d976b5734220e5245051c8c6a7

  • SHA256

    c513c6de5876b19d173f68e74f538752dd967392ba2f880641ea4803c0185e9d

  • SHA512

    b7c1c124c91c92e4058dfd15e050aaf4050b0e537f28f4b4b66caddcd21d9c5d24e0a69b7bc6e7b082e21f9fb6182bab1cc80c561d37a54062dd22c9a0879efd

  • SSDEEP

    6144:A//ICMmDRxs3NBRQFU8D58sM7nwlptA1u5iPgbfVTMOxyZEo3XATvSWU:A//vi9BCFUJsM7QAw5imMgHvSWU

Targets

    • Target

      0a9a47bfb52146fa925b915974099400N.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
